
Atlassian Confluence XSS and Insecure Direct Object Reference Vulnerabilities (CVE-2015-8398, CVE-2015-8399)

Severity
CVSSv3 Score
4.3
Vulnerability description

Atlassian Confluence is prone to cross site scripting and insecure direct object reference vulnerabilities.

Risk description

Multiple flaws are due to:
- improper sanitization of user-supplied input passed through different parameters of the REST API;
- an Insecure Direct Object Reference via the decoratorName parameter.

Successful exploitation allows remote attackers to execute arbitrary script code in a user's browser session and to read configuration files from the application.

Recommendation

Upgrade to Confluence version 5.8.17 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Apr 11, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available